> On April 20, 2017, 4:44 p.m., Oliver Szabo wrote: > > Ship It! > > Keta Patel wrote: > Thank you! > Could you please help me with pushing in the change? > > Oliver Szabo wrote: > thanks for the contribution. > patches are merged: > - trunk: 1c37ffc435995fc898941837a2cdcdffd51d06bc > - branch-2.5: 682bd23194db38ddfeff2743888a9dee91bf514d > > You can submit this review request
Thank you! - Keta ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/58493/#review172467 ----------------------------------------------------------- On April 20, 2017, 4:43 p.m., Keta Patel wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://reviews.apache.org/r/58493/ > ----------------------------------------------------------- > > (Updated April 20, 2017, 4:43 p.m.) > > > Review request for Ambari, Di Li, Miklos Gergely, and Oliver Szabo. > > > Bugs: AMBARI-20768 > https://issues.apache.org/jira/browse/AMBARI-20768 > > > Repository: ambari > > > Description > ------- > > A local Ambari user with no cluster roles assigned to it can successfully log > into the Logsearch UI. > > Logsearch service exercises restriction on who can access its UI using a > property "logsearch.roles.allowed". This property is a comma-separated list > of roles to be allowed access to Logsearch UI. This defect deals with the > following issue: > 1. If Logsearch service requires that only certain roles be allowed to access > its UI, then a local Ambari user with no roles must not be allowed to access > the UI. > > > DESIRED BEHAVIOR: > ================= > 1. A local user with no role assigned to it, must not be able to access > Logsearch UI. > > Note: The description has been updated by removing the aspect of correcting > the behavior for Ambari Administrator role for the Logsearch UI. > > > Diffs > ----- > > > ambari-logsearch/ambari-logsearch-portal/src/main/java/org/apache/ambari/logsearch/web/security/LogsearchExternalServerAuthenticationProvider.java > e23f0a2 > > > Diff: https://reviews.apache.org/r/58493/diff/2/ > > > Testing > ------- > > The patch *AMBARI-20768.patch* contains the fix for this issue. The fix > involves correction in 1 place in the > LogsearchExternalServerAuthenticationProvider class. > 1. In order to prevent a local user with no cluster roles assigned to it from > logging into Logsearch UI, we return *false*. > > The results of the logsearch tests after applying the patch are shown in the > screenshot "all_tests_successful.png" on the Jira. > > Note: The description for testing has been updated by removing the aspect of > correcting the behavior for Ambari Administrator role for the Logsearch UI. > > > Thanks, > > Keta Patel > >
